PT-2005-3721 · Estsoft+15 · Alzip+15

Tan Chew Keong · Published 2005-09-08 · Updated 2018-10-19 · CVE-2005-2856

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

UNACEV2.DLL versions prior to 2.6.0.0
ALZip versions 5.51 through 6.11
Servant Salamander versions 2.0 and 2.5 Beta 1
WinHKI versions 1.66 and 1.67
ExtractNow version 3.x
Total Commander version 6.53
Anti-Trojan version 5.5.421
PowerArchiver versions prior to 9.61
UltimateZip versions 2.7.1, 3.0.3, and 3.1b
Where Is It (WhereIsIt) version 3.73.501
FilZip version 3.04
IZArc version 3.5 beta3
Eazel version 1.0
Rising Antivirus versions 18.27.21 and earlier
AutoMate version 6.1.0.0
BitZipper version 4.1 SR-1
ZipTV (affected versions not specified)

Description

The issue is a stack-based buffer overflow in the UNACEV2.DLL third-party compression utility. This allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.

Recommendations

For UNACEV2.DLL, update to version 2.6.0.0 or later.
For ALZip, update to version 6.12 or later.
For Servant Salamander, update to version 2.5 or later.
For WinHKI, update to version 1.68 or later.
For ExtractNow, update to version 4.x or later.
For Total Commander, update to version 6.54 or later.
For Anti-Trojan, update to version 5.5.422 or later.
For PowerArchiver, update to version 9.61 or later.
For UltimateZip, update to version 3.1 or later.
For Where Is It (WhereIsIt), update to version 3.73.502 or later.
For FilZip, update to version 3.05 or later.
For IZArc, update to version 3.5 or later.
For Eazel, update to version 1.1 or later.
For Rising Antivirus, update to version 18.27.22 or later.
For AutoMate, update to version 6.1.0.1 or later.
For BitZipper, update to version 4.1 SR-2 or later.
For ZipTV, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2005-2856

Affected Products

Alzip
Anti-Trojan
Automate
Bitzipper
Eazel
Extractnow
Filzip
Izarc
Powerarchiver
Rising Antivirus
Servant Salamander
Total Commander
Ultimatezip
Where Is It
Winhki
Ziptv